Gartner Blog Network

Augusto Barros
Research VP
3 years at Gartner
21 years IT Industry

Augusto Barros is Research VP in the Gartner for Technical Professionals (GTP) Security and Risk Management group. Read Full Bio

The Virtual Patch Analyst

by Augusto Barros  |  March 7, 2018

Is there a need, or place for a “virtual patch analyst”? If you look at our guidance on vulnerability management, you’ll see that one of the key components we suggest our clients to consider is preparing for mitigation actions, when the immediate vulnerability remediation is not possible. We often see organizations scrambling to do it […]

Read more »

It’s Not (Only) That The Basics Are Hard…

by Augusto Barros  |  February 26, 2018

While working on our research for testing security practices, and also about BAS tools, I’ve noticed that a common question about adding more testing is “why not putting some real effort in doing the basics instead of yet another security test?”. After all, there is no point in looking for holes when you don’t even […]

Read more »

SOAR paper is out!

by Augusto Barros  |  February 22, 2018

Anton beat me this time on blogging about our new research, but I’ll do it anyway 🙂 Our document about Security Orchestration, Automation and Response (SOAR) tools includes some interesting findings. Anton provided some quotes on his post, but I’ll mention some of my favorites too: SIEM tools are often used to aggregate multiple sources […]

Read more »

BAS and Red Teams Will Kill The Pentest

by Augusto Barros  |  February 14, 2018

With our research on testing security methods and Breach and Attack Simulation tools (BAS), we ended up with an interesting discussion about the role of the pentest. I think we can risk saying that pentesting, as it is today, will cease to exist (I’ll avoid the trap to say “pentesting is dead”, ok? :-)). Let […]

Read more »

The “working with an MSSP” Tome Is Here

by Augusto Barros  |  January 30, 2018

As Anton just posted, the new version of the famous “How to Work With an MSSP to Improve Security” has just been published. I’m very happy to become a co-author (together with Anton and Mike Wonham) on this document, as it is usually one of our documents that I most frequently refer to clients during […]

Read more »

Security Monitoring Use Cases, the UPDATE!

by Augusto Barros  |  January 17, 2018

Posting about updated documents is often boring, but this time I’m talking about my favorite Gartner document, as usual, co-authored with Anton: “How to Develop and Maintain Security Monitoring Use Cases”! This document described an approach to identity, prioritize, implement and manage security monitoring use cases. Of course, it has a lot on SIEM, as it’s […]

Read more »

Automation – Why Only Now?

by Augusto Barros  |  January 12, 2018

As we ramp up our research on SOAR and start looking at some interesting tools for automated security testing, something crossed my mind: Why are we only seeing security operations automation and security testing automation technologies come to market now? I mean, automating workflows is not new technology, so why are these specific workflows only […]

Read more »

Threat Simulation – How real does it have to be?

by Augusto Barros  |  January 9, 2018

We are starting our research on “Testing Security”. So far we’ve been working with a fairly broad scope, as Anton’s post on the topic explained. One of the things we are looking at is the group of tools that has been called “breach and attack simulation tools”. Tools that automate exploitation have been around for […]

Read more »

Threat Detection Is A Multi-Stage Process

by Augusto Barros  |  December 4, 2017

We are currently working on our SOAR research, as Anton has extensively blogged about. SOAR tools have been used to help organizations  triage and respond to the deluge of alerts coming from tools such as SIEM and UEBA. Although this is sometimes seen as the earlier stages of incident response, I’ve been increasingly seeing it […]

Read more »

Machine Learning or AI?

by Augusto Barros  |  November 28, 2017

We may sound pedantic when pointing we should be talking about Machine Learning, and not AI, for security threat detection use cases. But there is a strong reason why: to deflate the hype around it. Let me quickly mention a real world situation where the indiscriminate use of those terms caused confusion and frustration: One […]

Read more »